MVS_VF
Participant

Standard Hotfix update process

Dear Friends,

I am planning to install/update all my 100+ firewalls from R81.20 Take 41 to Take 65. All the firewalls are on MDS in Active/Standby. I wanted to go through the standard process laid down by Check Point and the steps for Hotfix update on each cluster member, and the steps (if any) on MDS.

Thank you

MVS

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin

Did you look into the relevant documentation yet? Here is the link for you: https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Installation-Uninstall.htm?tocpath=____...

With that many FWs, I would recommend the Central Deployment Tool

4 Replies
MVS_VF
Participant

Dear Val, the links are indeed helpful. This is exactly what I was looking for, many thanks.

I have one query related to this, which I could not see: do I need to install policy after each upgrade? And if yes, then should both cluster members, or the one which is upgraded/not upgraded, be selected for the policy push? I am not sure if a Hotfix upgrade requires a policy install step.

Earlier, when I did the policy install step, it was when the OS was upgraded from R77 to 81. I changed the version name from r77 to r81 in Gateway Cluster Properties --> General Properties --> Platform --> Version and then pushed the policy.

I followed these steps while upgrading from R77.30 to R81 take 392:

Start with Passive Firewall (ideally)
Install latest/recommended Deployment Agent (DA) if installation is not automatically enabled on the firewalls
Upload/Copy of IOS Image on the concerned firewall
Verify IOS Image - Check_Point_R81_T392
After successful verification - Upgrade FW with IOS image
Upload Hot Fix - Check_Point_R81_JUMBO_HF_MAIN_Bundle_T77
Verify uploaded Hot Fix_Bundle_T77
After successful verification, Install Hot Fix
Change Name to R81 on MDS
Policy Push for version R81 after First Firewall IOS & HF upgrade
Revert to Clish Mode in the CLI of both Firewalls

Repeat same steps for Active Firewalls
Policy Push for version R81 after First Firewall IOS & HF upgrade
Make sure Primary Firewall is now active

0 Kudos
PhoneBoy
Admin

It's generally only required for version upgrades (not installing a new JHF).

_Val_
Admin

No need to install policy after JHF update.

0 Kudos
